Bug ID 1393761: ArcSight sends a series of '000000000' values in the remote log in case of Attack Signature Detected.

Last Modified: Dec 31, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4

Fixed In:
17.1.2

Opened: Nov 03, 2023

Severity: 4-Minor

Related Article: K000137698

Symptoms

Series of 0's seen in Arcsight remote logs, in place of the Attack signature ID and Name.

Impact

Attack signature ID and Name is not seen in remote logs.

Conditions

Remote logging profile with ArcSight as logging format.

Workaround

Use Splunk format instead.

Fix Information

Padding with 0's will not happen.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips